Analysis Date: 2018-05-17 00:48:03
MD5: d540fd201e3f02b5d38c5ebb67aa63a6
SHA1: 61f9bf96b0cb993314771319868194a68e401c60

Static Details:

AV Arcabit (arcavir): Trojan.Slingup.A
AV Authentium: W32/Shark.A.gen!Eldorado
AV Grisoft (avg): VB2.AIHY
AV Avira (antivir): TR/Dropper.Gen
AV Alwil (avast): Malware-gen
AV Alwil (avast): Win32:Malware-gen
AV Ad-Aware: Trojan.Slingup.A
AV BitDefender: Trojan.Slingup.A
AV BullGuard: Trojan.Slingup.A
AV ClamAV: Win.Trojan.Agent-1353203
AV Dr. Web: Tool.Netpass
AV Emsisoft: Trojan.Slingup.A
AV MicroWorld (escan): Trojan.Slingup.A
AV CA (E-Trust Ino): Trojan.Slingup.A
AV Fortinet: W32/VB.OOI!worm
AV Frisk (f-prot): W32/Shark.A.gen!Eldorado
AV F-Secure: Trojan.Slingup.A
AV Ikarus: Worm.Win32.Dorkbot
AV K7: P2PWorm ( 001390b11 )
AV Kaspersky: Trojan.Win32.Agent.nezniy
AV MalwareBytes: Backdoor.Gorynych
AV Mcafee: New Malware.d
AV Microsoft Security Essentials: Backdoor:Win32/Slingup.A
AV NANO: Trojan.Win32.VB.dwtuzm
AV Eset (nod32): Win32/VB.OOI worm
AV Padvish: No Virus
AV CAT (quickheal): No Virus
AV Rising: No Virus
AV 360 Safe: No Virus
AV SUPERAntiSpyware: No Virus
AV Symantec: SMG.Heur!gen
AV Trend Micro: No Virus
AV Twister: W32.VB.OOI.poqp
AV VirusBlokAda (vba32): Worm.VBNA
AV Windows Defender: Backdoor:Win32/Slingup.A
AV Zillya!: No Virus

Runtime Details:

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Users\Phil\AppData\Local\Temp\61f9bf96b0cb993314771319868194a68e401c60.exe

Creates File: C:\Users\Phil\AppData\Local\Temp\~DF14E81AE9EC41ABA9.TMP
Creates File: C:\Users\Phil\AppData\Local\Temp\61f9bf96b0cb993314771319868194a68e401c60.exe
Creates File: C:\Users\Phil\AppData\Local\Temp\61f9bf96b0cb993314771319868194a68e401c60.exe
Creates File: C:\Users\Phil\AppData\Local\Temp\61f9bf96b0cb993314771319868194a68e401c60.exe
Creates File: C:\Windows\System32\wshom.ocx
Creates File: C:\Users\Phil\AppData\Local\Temp\61f9bf96b0cb993314771319868194a68e401c60.exe
Creates File: C:\Users\Phil\AppData\Roaming\taskmgr.exe
Creates File: C:\Users\Phil\AppData\Local\Temp\61f9bf96b0cb993314771319868194a68e401c60.exe
Creates File: C:\Users\Phil\AppData\Roaming\taskmgr.exe
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UACDisableNotify ➝ 0
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA ➝ 0
Creates Mutex
Creates Mutex

Process
↳ C:\Users\Phil\AppData\Roaming\taskmgr.exe

Creates File: C:\Users\Phil\AppData\Local\Temp\~DFC3E0A765EF2021DF.TMP
Creates File: C:\Users\Phil\AppData\Roaming\taskmgr.exe
Creates File: C:\Users\Phil\AppData\Roaming\taskmgr.exe
Creates File: C:\Users\Phil\AppData\Roaming\taskmgr.exe
Creates File: C:\Windows\System32\wshom.ocx
Creates File: C:\Windows\System32\wshom.ocx
Creates File: C:\
Creates File: C:\Users\desktop.ini
Creates File: C:\Users
Creates File: C:\Users\Phil
Creates File: C:\Users\Phil\Favorites\desktop.ini
Creates File: C:\
Creates File: C:\Users
Creates File: C:\Users\Phil
Creates File: C:\Users\Phil\AppData\Roaming\taskmgr.exe
Creates File: C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WordPad.exe
Creates File: C:\Users\Phil\AppData\Roaming\taskmgr.exe
Creates File: C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WordPad.exe
Creates File: C:\Windows\System32\wshom.ocx
Creates File: C:\Users\Phil\AppData\Roaming\ky.config
Creates File: C:\Windows\System32\msxml3.dll\1
Creates File: C:\Windows\System32\msxml3.dll
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UACDisableNotify ➝ 0
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA ➝ 0
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\taskmgr ➝ C:\Users\Phil\AppData\Roaming\taskmgr.exe
Creates Mutex: intercepter
Creates Mutex
Creates Mutex

Process
↳ C:\Users\Phil\AppData\Roaming\dwn.exe

Process
↳ C:\Users\Phil\AppData\Roaming\taskmgr.exe

Network Details:
